GHSA-rm8v-mxj3-5rmq

Suggest an improvement
Source
https://github.com/advisories/GHSA-rm8v-mxj3-5rmq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-rm8v-mxj3-5rmq/GHSA-rm8v-mxj3-5rmq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rm8v-mxj3-5rmq
Aliases
Published
2023-06-14T17:24:36Z
Modified
2023-11-08T04:22:49.387484Z
Summary
github.com/lestrrat-go/jwx vulnerable to Potential Padding Oracle Attack
Details

Summary

Decrypting AES-CBC encrypted JWE has Potential Padding Oracle Attack Vulnerability.

Details

On v2.0.10, decrypting AES-CBC encrypted JWE may return an error "failed to generate plaintext from decrypted blocks: invalid padding":

https://github.com/lestrrat-go/jwx/blob/8840ffd4afc5839f591ff0e9ba9034af52b1643e/jwe/internal/aescbc/aescbc.go#L210-L213

Reporting padding error causes Padding Oracle Attack Vulnerability. RFC 7516 JSON Web Encryption (JWE) says that we MUST NOT do this.

11.5. Timing Attacks To mitigate the attacks described in RFC 3218 [RFC3218], the recipient MUST NOT distinguish between format, padding, and length errors of encrypted keys. It is strongly recommended, in the event of receiving an improperly formatted key, that the recipient substitute a randomly generated CEK and proceed to the next step, to mitigate timing attacks.

In addition, the time to remove padding depends on the length of the padding. It may leak the length of the padding by Timing Attacks.

https://github.com/lestrrat-go/jwx/blob/796b2a9101cf7e7cb66455e4d97f3c158ee10904/jwe/internal/aescbc/aescbc.go#L33-L66

To mitigate Timing Attacks, it MUST be done in constant time.

Impact

The authentication tag is verified, so it is not an immediate attack.

References

Affected packages

Go / github.com/lestrrat-go/jwx/v2

Package

Name
github.com/lestrrat-go/jwx/v2
View open source insights on deps.dev
Purl
pkg:golang/github.com/lestrrat-go/jwx/v2

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.11

Database specific

{
    "last_known_affected_version_range": "<= 2.0.10"
}

Go / github.com/lestrrat-go/jwx

Package

Name
github.com/lestrrat-go/jwx
View open source insights on deps.dev
Purl
pkg:golang/github.com/lestrrat-go/jwx

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.26

Database specific

{
    "last_known_affected_version_range": "<= 1.2.25"
}